[AIX HP-UX Linux Solaris Windows][z/OS]

Configuring web service binding to use SSL

Use this task to specify abstract intents in the Service Component Architecture (SCA) composite file to achieve a quality of service for secure connection using Secure Sockets Layer (SSL). The default SCA composite file is called default.composite and it is located in the META-INF level of the application structure. These intents must be mapped to policy sets that can satisfy the intents during deployment.

Before you begin

Before you begin this task, install a service application.

About this task

Intents and policy sets can be used to configure web service bindings to achieve a secure connection.

Procedure

  1. Configure administrative and application security for the server.

    In order to secure the service so that it only accepts secure requests, and for the service to require authentication, administrative and application security must be enabled for the server. See Securing JAX-WS web services using message-level security.

  2. Configure the service to require a secure transport by attaching the WSHTTPS default policy set.
    Policy sets and bindings can be specified for SCA services and references using one of three different methods.
    • Specify a policy set and bindings directly in the composite file.
    • Attach a policy set during deployment using the addCompUnit command.
    • Attached or update a policy set during post deployment using the web services policy set management panels in the administrative console.

    For additional information on each of the methods for attaching a policy set, see mapping abstract intents and managing policy sets. The code examples that are included in this task step and the next step use the composite file method to specify the WSHTTPS Default policy set.

    Attach the WSHTTPS default policy set and define the quality of service (QoS) namespace in the composite file.
    <service name="AccountService">
      <binding.ws 
         qos:wsPolicySet="WSHTTPS default"
         ... />
    </service>
  3. Configure the client to use SSL connection by attaching a policy set to the <binding.ws> element.

    The wsPolicySet attribute can be used to specify policy sets at the composite, component, service, reference, and binding.ws levels in the SCA composite file. The actual attachment happens only at the binding.ws level and policy sets specified at other levels are inherited down to the binding level. For additional information on attaching policy sets and the inheritance rules, refer to mapping abstract intent to policy sets. The following example illustrates the attachment of WSHTTPS default policy set to the <binding.ws> element.

    <reference name="AccountService">
      <binding.ws 
         qos:wsPolicySet="WSHTTPS Default"
         ... />
    </reference>
    The WSHTTPS default policy set is a default policy set available in every server profile and it provides client-side SSL transport configuration. For additional information, see WSHTTPS default policy set.
    Important: The client must use an endpoint address of the form https://<host>:<secure-port> to contact the service.

Results

When you finish this task, you have configured web service bindings to use SSL.

What to do next

You can proceed to configuring other application specific bindings for your policy sets.




In this information ...


Related concepts

IBM Redbooks, demos, education, and more

(Index)

Use IBM Suggests to retrieve related content from ibm.com and beyond, identified for your convenience.

This feature requires Internet access.

Task topic Task topic    

Terms and conditions for information centers | Feedback

Last updatedLast updated: Feb 6, 2014 8:11:25 PM CST
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=matt&product=was-nd-mp&topic=twbs_sca_wsbind_tran_ssl
File name: twbs_sca_wsbind_tran_ssl.html